browser-record
Warn
Audited by Socket on May 19, 2026
1 alert found:
AnomalyAnomalySKILL.md
LOWAnomalyLOW
SKILL.md
SUSPICIOUS: the core behavior matches a browser-session recording skill, but its footprint is broader than necessary because it combines arbitrary web content ingestion with Bash/Read/Write and executes external npm CLIs at runtime. The main concern is medium supply-chain risk from `npx`, especially the unpinned `@claude-flow/cli@latest`, plus moderate data-capture and prompt-injection risk from tracing arbitrary pages without immediate redaction.
Confidence: 82%Severity: 58%
Audit Metadata